000021906 - RSA ACE/Server users get access denied when authenticating using RADIUS

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021906
Applies ToNortel Contivity Switch
RSA ACE/Server RADIUS
IssueRSA ACE/Server users get access denied when authenticating using RADIUS
Nothing in RSA ACE/Server logs
Error: "Access Denied"
A snoop shows traffic between the device and RSA ACE/Server
CauseThe device is likely sending the authentication request using an IP address that the ACE/Server doesn't know about.
ResolutionThe client or agent host should be setup with the primary IP of the machine.  You can determine which IP is correct by running "snoop -v port 1645" (or equivalent command) from the master server.  Look for the source IP address of the resulting traffic.  Add the client or agent host using this address, making sure this address resolves to the name of the device.  Add all other interfaces as secondary nodes.  Set the encryption key to match that assigned on the device.
Legacy Article IDa6780

Attachments

    Outcomes